This is a release candidate package. There might be bugs. If so, please let me know.

Here's a complete rewrite of the Spam Hurdles module.
For an extended changelog see below.

One of the big changes is that cryptographic technology is used to store work data right in the form data on the client instead of storing all of it in the database. Because of this, the module can now function without database storage at all. Only if the replay attack block is enabled ("Block forms that are submitted multiple times"), the database will be used to store the id's of the forms that have already been submitted. This database storage has been made as light as possible, so after the id expires, it will be cleaned up from the database. I hope that this change will help those admins with busy forums that currently see the spam_hurdles table fill up rapidly in their databases.

Upgrade to Spam Hurdles 2 beta

To upgrade, move aside your existing mods/spamhurdles module directory. After that, unpack the contents of the module package and put these in mods/spamhurdles. Visit the admin interface (admin.php) to let the module system reload the new hook configuration. If you like, visit the Spam Hurdles module settings screen. If everything goes well, then the existing settings should automatically be upgraded to the new settings, so you should be seeing your original configuration in there (except for the few new options that were added).

If you are using Spam Hurdles 1 to protect some custom form (I know that there are a few people out there who do this), then please beware that the API totally changed (or better: that we have an API now ;-). The existing protection should be upgraded to work with the new API. Take a look at spamhurdles.php to see how the API was fitted into the posting and registration processes.

Changelog:
----------
v2.0.2
- Implemented more complete logging of blocked form posts using the
Event Logging module.
- Extended the settings for this module to make it possible to enable
or disable the logging of form posts that are blocked by the
Spam Hurdles module.
- Added code to the settings screen that will check if all templates
contain the required template hooks. If there are template files that
do not contain the required hooks, then a warning message is printed
in the settings screen, telling the admin what templates to update
with what hook.
v2.0.1
- Fixed a problem in the reCapthca component.
Thanks to Phorum.org user DavidVB for the patch!
v2.0.0
- Fully restructured the code by splitting the functions into API
functions (in api.php) and hook implementation functions
(in spamhurdles.php).
- The spam hurdles are now implemented using a plugin system,
which keeps the code for the various spam hurdles nicely separated
and which makes it easier to implement extra spam hurdles.
- Due to the plugin system, all spam hurdles are now available
available for all protected forms. Therefore, user registration
is now protected by all hurdles and not only by a CAPTCHA.
- It is now possible to protect multiple forms on a single page.
- Encryption technology (AES) is now used to be able to send the spam
hurdles data encrypted to the client, instead of having to store this
data in the database server. Only if the duplicate submit check is
enabled, the database will be used to store posting keys that have
already been used. Still, the database load caused by storing used
keys is a lot less than storing all generated keys, like the
predecessor of this module did.
- Put the modified iScramble() in the API code as spamhurdles_iScramble(),
so we won't run into name space issues when other code wants to use
the original iScramble code.
- The path to the "flite" binary is discovered by the settings screen
automatically now. Before, it was only discovered by the defaults.php
script on first load, but that doesn't help the case where Flite
is installed after the module was installed.
- Generating a spoken CAPTCHA or a CAPTCHA image is now done using the
"addon" hook. This prevents the need to do this kind of task from
some more generic hook like "common" (which makes Phorum load the module
code on each request and not only when neccessary).

I also get this error message "To use reCAPTCHA you must get an API key from [recaptcha.net];
(This is the only hurdle that I have enabled for this module) When I first ran this the pubkey length was 39 (it appeared that it ignored an underline in the pubkey?)

Which version of the spam hurdles mod is installed in the DEMO forum?
Because it has a problem, here is the reproducer (using Mozilla Firefox on windows and Linux):
1. Go to the main page of first forum: [www.phorum.org]
2. open first discussion in a tab. Wait 1 or 2 seconds
3. open second discussion in another tab.
4. Go to first discussion tab, post an answer. It works.
5. Go to second discussion tab, try to post an answer: BLOCKED by the spam module. This should not happen, as the answer was legitimate, and not a spam.

I do think the second answer should not be blocked. Or at least not for registered users. More and more people are using tabs of browsers, and I get more and more complaints.
Is it possible to not have this behavior in the new version of this module?

Thanks Maurice, I tested your secret sauce and it works. How "beta" is your module? I have a forum with 150 to 200 messages a day, but I am afraid to test something too "new", however I trust your developing skills :)

Thanks Thomas, I checked the options, and I must do something wrong, because it does not work.
I set all the methods to "Enable for anonymous users" (instead of "Disable hurdle" or "Enable for all users").
So the spam hurdle should not be enabled for registered users, right? But their messages are blocked when following my reproducer above.
I am using version 1.1.6 of this module.
What am I doing wrong?

Not too beta anymore. I had no bug reports and I have been running the module successfully on my own forum site. I put the new version in the 5.3 development tree as the default spam hurdles module for that version. If all keeps running smoothly, I will upgrade the 5.2 version as well at some point.